Writing secure code

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process, from designing secure applications to writing robust code that can withstand repeated attacks to testin...

Bibliographic Details
Main Author: Howard, Michael, 1965-
Other Authors: LeBlanc, David
Format: Electronic book
Language: English
Published: Sebastopol : Microsoft Press 2004.
Edition: 2nd ed
Series: Developer Best Practices
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627885606719
Table of Contents:
  • Copyright; Contents at a Glance; Table of Contents; Introduction; Part I. Contemporary Security; Chapter 1. The Need for Secure Systems; Applications on the Wild Wild Web; The Need for Trustworthy Computing; Getting Everyone's Head in the Game; Some Ideas for Instilling a Security Culture; The Attacker's Advantage and the Defender's Dilemma; Summary; Chapter 2. The Proactive Security Development Process; Process Improvements; The Role of Education; Design Phase; Development Phase; Test Phase; Shipping and Maintenance Phases; Summary; Chapter 3. Security Principles to Live By
  • SD3: Secure by Design, by Default, and in Deployment; Security Principles; Summary; Chapter 4. Threat Modeling; Secure Design Through Threat Modeling; Security Techniques; Mitigating the Sample Payroll Application Threats; A Cornucopia of Threats and Solutions; Summary; Part II. Secure Coding Techniques; Chapter 5. Public Enemy #1: The Buffer Overrun; Stack Overruns; Heap Overruns; Array Indexing Errors; Format String Bugs; Unicode and ANSI Buffer Size Mismatches; Preventing Buffer Overruns; The Visual C++ .NET /GS Option; Summary; Chapter 6. Determining Appropriate Access Control
  • Why ACLs Are Important; What Makes Up an ACL?; A Method of Choosing Good ACLs; Creating ACLs; Getting the ACE Order Right; Be Wary of the Terminal Server and Remote Desktop SIDs; NULL DACLs and Other Dangerous ACE Types; Other Access Control Mechanisms; Summary; Chapter 7. Running with Least Privilege; Least Privilege in the Real World; Brief Overview of Access Control; Brief Overview of Privileges; Brief Overview of Tokens; How Tokens, Privileges, SIDs, ACLs, and Processes Relate; Three Reasons Applications Require Elevated Privileges; Solving the Elevated Privileges Issue
  • A Process for Determining Appropriate Privilege; Low-Privilege Service Accounts in Windows XP and Windows .NET Server 2003; The Impersonate Privilege and Windows .NET Server 2003; Debugging Least-Privilege Issues; Summary; Chapter 8. Cryptographic Foibles; Using Poor Random Numbers; Using Passwords to Derive Cryptographic Keys; Key Management Issues; Creating Your Own Cryptographic Functions; Using the Same Stream-Cipher Encryption Key; Bit-Flipping Attacks Against Stream Ciphers; Reusing a Buffer for Plaintext and Ciphertext; Using Crypto to Mitigate Threats; Document Your Use of Cryptography
  • Chapter 9. Protecting Secret Data; Attacking Secret Data; Sometimes You Don't Need to Store a Secret; Getting the Secret from the User; Protecting Secrets in Windows 2000 and Later; Protecting Secrets in Windows NT 4; Protecting Secrets in Windows 95, Windows 98, Windows Me, and Windows CE; Not Opting for a Least Common Denominator Solution; Managing Secrets in Memory; Locking Memory to Prevent Paging Sensitive Data; Protecting Secret Data in Managed Code; Raising the Security Bar; Trade-Offs When Protecting Secret Data; Summary; Chapter 10. All Input Is Evil!; The Issue; Misplaced Trust
  • A Strategy for Defending Against Input Attacks